Skip to content

Commit 3626931

Browse files
joborduopen-swe[bot]
andauthored
ci: remove the temporary OIDC diagnostic step (#365)
Diagnostics confirmed the workflow side is fully correct (npm 11.18.0, Node 22.23.1, registry https://registry.npmjs.org/, OIDC token URL present, clean .npmrc). The ENEEDAUTH is npm not matching the OIDC token to a trusted publisher — an npm-side config match, not a workflow issue. Also removes the URL-leak the reviewers flagged. Co-authored-by: open-swe[bot] <jonathan@jonathanborduas.com>
1 parent 85f0436 commit 3626931

1 file changed

Lines changed: 0 additions & 10 deletions

File tree

.github/workflows/publish.yml

Lines changed: 0 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -139,16 +139,6 @@ jobs:
139139
if [ "$CURRENT" != "${{ needs.context.outputs.version }}" ]; then
140140
npm version "${{ needs.context.outputs.version }}" --no-git-tag-version
141141
fi
142-
- name: OIDC preflight diagnostics
143-
run: |
144-
echo "node: $(node --version)"
145-
echo "npm : $(npm --version) (need >= 11.5.1 for trusted publishing)"
146-
echo "which npm: $(which npm)"
147-
echo "registry: $(npm config get registry)"
148-
echo "OIDC token URL present: ${ACTIONS_ID_TOKEN_REQUEST_URL:+yes}${ACTIONS_ID_TOKEN_REQUEST_URL:-NO}"
149-
echo "--- effective .npmrc (auth redacted) ---"
150-
npm config get userconfig
151-
cat "$(npm config get userconfig)" 2>/dev/null | sed 's/\(_authToken=\).*/\1<redacted>/' || echo "(no userconfig .npmrc)"
152142
# No NODE_AUTH_TOKEN and no --provenance: OIDC is auto-detected and provenance
153143
# is attached automatically when publishing via a trusted publisher.
154144
- name: Publish via OIDC trusted publisher

0 commit comments

Comments
 (0)